The latest articles on DEV Community by abebeos (@abebeos). https://dev.to/abebeos https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1027877%2Fe54ed92c-3ba7-40b5-8aea-74b7bd7bec83.png https://dev.to/abebeos en abebeos Thu, 16 Feb 2023 07:04:15 +0000 https://dev.to/abebeos/how-solana-ignores-security-best-practices-3ml3 https://dev.to/abebeos/how-solana-ignores-security-best-practices-3ml3 <p>I really thought "I saw it all" within crypto and open-source.</p> <p>But then, today, Solana managed to surprise me.</p> <p>I visited the project on github (<a href="https://github.com/solana-labs/solana">https://github.com/solana-labs/solana</a>), and tried to get an overview of the ~800 open issues and ~100 open PRs.</p> <p>Far too much, so I focused on the older issues, narrowed it further down to <code>security</code> issues.</p> <p>To my surprise, I was... blocked:</p> <p><a href="https://github.com/solana-labs/solana/issues/30328">https://github.com/solana-labs/solana/issues/30328</a></p> <p>Even issues like</p> <p>Potential privilege escalation in sys-tuner<br> <a href="https://github.com/solana-labs/solana/issues/9141">https://github.com/solana-labs/solana/issues/9141</a></p> <p>are left open. The team maybe knows that the issues are non-critical.</p> <p>But a visitor cannot be sure.</p> <p>I guess that this is what happens after a team is successful financially: they simply do as it pleases them, joking around when visitors (of their open-source code-base) have concerns.</p> <p>So disappointing all this.</p> <p>Still need to find a smart-contract platform where the core-devs have kept some (technological, procedural) sanity, despite their financial success.</p> <p>.</p> solana security opensource